- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Fri, 4 Aug 2017 16:52:37 +1000
- To: Victor Vasiliev <vasilvv@google.com>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>, draft-thomson-http-replay@ietf.org

On 4 August 2017 at 16:21, Martin Thomson <martin.thomson@gmail.com> wrote:
>> Could you elaborate on the concept of consistent handling? I've read #27,
>> and I still can't quite understand what problem you are trying to solve.
>
> I probably got this confused with a separate issue there. Consistent
> handling is more to prevent inadvertent creation of leaks when
> processing a request. If requests are sometimes processed by nodes
> and deferred until handshake completion by other nodes, then the nodes
> that process the requests expose information. For the replay defenses
> to be effective (either delay or 425), the application of those
> defenses needs to be consistent across all nodes.

Let me walk this back a little. I sat down and tried to see how inconsistent application of the defenses could be exploited and I drew a blank. It looks like the concerns here largely devolve to whether actions taken have side-effects.

We could probably simplify the position then and say that if the request is safe to process, then that needs to be constant - different nodes at different times can't reach different conclusions. That's the consistency we need. If we don't have that, then an attacker can go shopping for someone to exploit.

I think that there is still some value in #27 in terms of explaining some of the corner cases, but that probably needs to be redistributed throughout the remainder of the document. The core is in the simple statement.

Received on Friday, 4 August 2017 06:53:00 UTC